In 2009, India launched an identification project, Aadhaar, to issue unique 12-digit identity numbers based on demographic and biometric information to all citizens. Almost a decade after its inception, Aadhaar has become a nationwide acceptable digital identification for 1.21 billion of India’s 1.3 billion people. It gave many their official identity for the first time, which allowed them to get bank accounts, passports, driver’s licenses, and benefits under government welfare schemes. But it has also helped combat a major problem in India: people using fake identities to get government subsidies.

In May, the government released data on the fake beneficiaries detected after mandatory use of Aadhaar in major federal welfare programs. Recently, amid concerns about the security of the program, the chief of India’s telecom regulator issued an open challenge by putting his Aadhaar number in the public domain, inviting all to hack his personal data. His goal was to assure people that their individual biometric data was safe. Instead, the stunt renewed the debate on the comparison of cost and benefits of making the use of Aadhaar mandatory for public services.

Before Aadhaar, millions didn’t have any formal identity documents. Others had multiple IDs issued by various agencies to be used locally. Due to the lack of a national identity system and means of real-time authentication, it was difficult to cross-check and correct these records. While many poor people were unable to access welfare services at all because they lacked documentation, fraudsters were able to create fake beneficiaries. Rajiv Gandhi, India’s former prime minister in late 1980s, quoted his own government’s data that only 15 percent of every rupee paid for welfare services reached the intended beneficiaries. Even in 2005, the government estimated that 58 percent of subsidized food grains and 38 percent of subsidized kerosene didn’t reach their intended beneficiaries. This shows the scale of leakages and the prevalence of fake beneficiaries, which historically has existed in the government welfare delivery system.

The Indian government has now made it mandatory for people to provide their Aadhaar details to access most welfare benefits. Because Aadhaar requires 10 fingerprints and two iris scans, it’s difficult to pretend to be someone you’re not.

The digital identification is helping the government in removing the role of middlemen as subsidies and other cash benefits can now be directly transferred to the accounts of intended beneficiaries, which was not possible earlier as a vast majority of people, mainly poor, didn’t have access to banking services. After 2014, 300 million new bank accounts have been opened, mainly by the poor. About 99 percent of households now have access to banking facilities. The total number of beneficiaries receiving various welfare benefits directly into their Aadhaar-linked account has increased tenfold from 100.8 million in 2013–14 to 1.24 billion in 2017–18, says the government data released in May.

Scholarships for minorities and the poorest of the poor had around 700,000 ghostbeneficiaries.

The official data also shows that the use of Aadhaar in social schemes has led to a massive purge of fake identities. Thirty-eight million ghost beneficiaries were receiving subsidized cooking gas. More than 27 million ghost ration-card holders were getting food grains through a program meant only for the extreme poor. Thirty-one million fake job cards for the rural livelihood program, which ensures employment for the rural population through one job card to each family, were struck off—equivalent to 14 percent of the total job cards. Similarly, scholarships for minorities and the poorest of the poor had around 700,000 ghost beneficiaries. These efforts have led to a combined savings of about $13 billion by the government up to March 2018. The figures of both savings and fake identities will go up significantly as the government streamlines its entire subsidy budget and all welfare schemes with Aadhaar-linked accounts.

The implementation of Aadhaar, however, has not been without a controversy—particularly around civil liberties. In 2017, in response to several petitions, India’s Supreme Court declared privacy a fundamental human right. Privacy advocates argue that the large-scale use of Aadhaar might lead to individual profiling and could be misused by the private sector. They also fear that this may limit social mobility because individuals could be trapped by their class, behavioral history, and stigma, which could precipitate the state toward a surveillance state.

There are also not-merely-hypothetical concerns about hacking and leakage of data. In 2017, the details of 1.4 million pensioners were inadvertently leaked by a local social security office. To allay privacy concerns, the government has added additional security layers to the Aadhaar architecture and also codified that the data is to be exclusively used for welfare services.

Aadhaar has shown the potential to help address the enormous bureaucratic inefficiencies in the public distribution system of India, but it has also raised genuine concerns about the vulnerability of the sensitive data of more than 1 billion people. However, some Indian politicians seem to be more interested in the former than the latter. “Those against Aadhaar are against it because it diminishes their influence. Public … officials are against Aadhaar because it substantially decreases their income,” Surjit Bhalla, a member of Prime Minister Narendra Modi’s Economic Advisory Council, told me recently in an email.

The whole stunt by the telecom regulator chief has gone awry. He continues to deny that his Aadhaar profile was breached, but his personal information—including mobile number, bank account details, address, and even frequent flier ID—are all over Twitter, allegedly put there by hackers. In response to the stunt, the parent body of Aadhaar, the Unique Identity Authority of India, released a statement saying that “such activities (releasing Aadhaar details publicly) are uncalled for and should be refrained as these are not in accordance with the law,” which only reinforced the risks to the Aadhaar database. In the end, this whole episode undermined the genuine debate around Aadhaar’s security. Worst of all, nobody can say with confidence whether all the data is safe.

Undoubtedly, Aadhaar has given a digital identity to the millions of poor people. But government has to take the responsibility for the safety and security of the personal data to build more trust in its digital infrastructure. That will be critical as it looks set to expanding the mandatory use of Aadhaar beyond essential welfare services to include services like income tax filing, personal property details, bank accounts, passports, employment, etc. Seventy-three million Indians are currently living in extreme poverty. Aadhaar could help lift them up—if it protects their data, too.

Update, Aug. 11, 2018: Aadhaar is a controversial program, and some critical dispute the government information used in the piece. They allege that part of the large numbers of “ghost beneficiaries” removed from welfare programs (which include people who have moved or died as well as fraudulent accounts) comes from people who are eligible for benefits but have been unable to enroll. No independent audit of the March 2018 data cited here is available.

Update, Aug. 13, 2018: The author worked for India’s Planning Commission from 2010-2014 as part of a program that hired young recent college graduates. His work was focused on infrastructure, energy, and governance. Aadhaar project comes under the Unique Identification Authority of India. Between 2009-16, the UIDAI functioned as an attached office of the Planning Commission. Since then, the UIDAI has been a statutory body under the Ministry of Electronics and Information Technology. The author’s work was never part of Aadhar or the UIDAI in any capacity.